Threat Intelligence Blog

Weekly Threat Intelligence Brief: December 13, 2016

This weekly brief highlights the latest threat intelligence news to provide insight into current threats to various industries.

Insurance/Healthcare

“A federal watchdog agency has issued its work plan for security-related reviews of Department of Health and Human Services’ agencies and programs in 2017. Planned reviews include examinations into how the Food and Drug Administration is handling cybersecurity issues related to networked medical devices, as well as audits of how well various healthcare sector organizations participating in the HITECH Act electronic health record incentive program are protecting EHR data.

As part of the HHS Office of Inspector General’s fiscal 2017 work plan, the agency plans to review FDA’s activities related to cybersecurity issues discovered “post-market,” or in legacy medical devices, as well as prior to new devices being approved to enter the marketplace.”

Financial Services

“Millions of accounts associated with video sharing site Dailymotion, one of the biggest video platforms in the world, have been stolen.

A hacker extracted 85.2 million unique email addresses and usernames from the company’s systems, but about one-in-five accounts – roughly 18.3 million – had associated passwords, which were scrambled with the bcrypt hashing function, making the passwords difficult to crack.”

– MSN

Technology

“Sony has released firmware updates for many of its security cameras to address a critical vulnerability that can be exploited to take control of the devices, including by botnets such as Mirai.

The flaw, discovered by IT security services and consulting company SEC Consult, affects 80 Sony SNC series IP cameras that feature the company’s IPELA ENGINE signal processing system. These professional products are used by many organizations worldwide, including by FIFA during the 2014 World Cup.

An analysis revealed that the firmware for Sony IPELA ENGINE IP cameras contains hardcoded password hashes for the admin and root users. Researchers only cracked the admin password, which is “admin,” but they believe the root password can also be easily obtained.”

– Security Week

Law Enforcement

“An international operation involving Europol’s European Cybercrime Centre (EC3) and the law enforcement authorities of 13 countries is targeting the users of distributed denial-of-service (DDoS) cyberattack tools, leading to 34 arrests and 101 suspects interviewed and cautioned.

Those arrested are suspected of paying for stressers and booters services as part of DDoS-for-hire schemes, and using them to launch attacks against targets, in order to flood websites and web servers with data, leaving them inaccessible to users.”

Defense

“Germany-based industrial conglomerate ThyssenKrupp was hit by a cyberespionage attack earlier this year that resulted in data being stolen from its industrial solutions and steel producing units.

An investigation revealed that the attack was carried out by a professional group of hackers from Southeast Asia and targeted technological know-how and research, according to the group,

While hackers managed to steal some information, its exact nature is not clear, with the exception of certain project data from an engineering company, ThyssenKrupp said in an emailed statement Thursday. As a result, at this time there’s no reliable estimation of the damage to the company’s intellectual property.”